Steganography-based malware attacks involve concealing malicious software code, botnet commands, leaked information, etc., in an ordinary media file (e.g., an image file, an audio file, a video file). In some instances, the malicious code directs an infected device to a website that performs a set of malicious acts on the infected device by taking advantage of a known vulnerability of the infected device. Some types of malware cause valuable information stored in a computing device to be steganographically hidden in media files that are then transmitted to a third party for exploitation. Many corporations, governmental entities and others have lost large amounts of leaked information from such attacks. Current techniques to detect steganographic-based attacks are typically performed manually after the damage caused by the attack has been detected and include applying a variety of tests to suspected carriers of the malware and visually inspecting resulting binary data.
The figures are not to scale. Wherever possible, the same reference numbers will be used throughout the drawing(s) and accompanying written description to refer to the same or like parts.